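Attackers exploit new Linux 'CopyFail' vulnerability for profit
The US cybersecurity agency (CISA) is warning that a new Linux kernel vulnerability named "CopyFail" (CVE-2026-31431) is already being exploited by attackers.
The vulnerability lets a low-privileged user gain full control of a system by modifying data they should only be able to read, resulting in privilege escalation.
Security firm Theori discovered and reported the vulnerability using its AI-driven penetration testing platform, Xint, and published proof-of-concept (PoC) exploit code.
The vulnerability affects nearly all mainstream Linux kernel versions built since 2017. Microsoft has confirmed that it has observed attack activity, federal agencies have been urged to patch within two weeks, and CISA has added the flaw to its catalog of exploited vulnerabilities.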
Opening of the original article (English, first 3 paragraphs only)
CISA is warning that a newly-disclosed Linux kernel bug dubbed "CopyFail" is already being exploited, just days after researchers dropped a working root-level exploit.
Tracked as CVE-2026-31431, the bug sits in the Linux kernel and gives low-level users a way to take full control of a system by modifying data they should only be able to read, effectively turning limited access into full root privileges on unpatched machines.
The issue was disclosed by cybersecurity consultancy Theori, which said the flaw was discovered by its AI-powered penetration testing platform, Xint, and reported to the Linux kernel security team on March 23. Major Linux distributions pushed out patches ahead of public disclosure, which Theori published alongside a proof-of-concept exploit.
※ For copyright reasons, only the first 3 paragraphs are quoted. Please read the original article for the full content.